HeadFlash


Chrome 0-Day, PeopleSoft Attacks, and FBI's Cyber Town

Google patches exploited Chrome zero-day; ShinyHunters hit PeopleSoft; FBI trains in fake town; AudiA6 dismantled; and more.


Google Chrome 0-Day CVE-2026-11645 Exploited in the Wild

A critical zero-day vulnerability in Google Chrome is being actively exploited, prompting an emergency update. The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine, which processes untrusted code from every site visited. Successful exploitation can corrupt memory, leak data, or lead to remote code execution from a single malicious page. Google’s emergency Stable update ships 74 security fixes, including 17 critical ones. To ensure immediate protection, users are advised to update manually via Help, then About Google Chrome, rather than waiting for the staged rollout.

Critical Google Chrome 0-Day Exploited in the Wild, Plus Microsoft and ServiceNow Under Fire →

Single Faulty Character in Linux Kernel Opens Sandbox Escape and Root Access

A high-severity use-after-free flaw in the Linux kernel, traced to a single faulty character, allows attackers to evade sandbox defenses and gain root privileges. The vulnerability sits in the kernel itself, meaning exploitation results in full privilege escalation on affected systems. The report underscores how a tiny coding slip can cascade into a severe security failure, a reminder that even mature codebases remain one typo away from a critical hole.

Critical Google Chrome 0-Day Exploited in the Wild, Plus Microsoft and ServiceNow Under Fire →

ServiceNow API Endpoint Left Open Exposed Customer Data

ServiceNow disclosed a security incident where an API endpoint was mistakenly left open, potentially allowing unauthenticated access to customer data. A June 5 security update fixed the issue, which could have exposed IT tickets and internal documentation stored in customer instances. Community claims suggest a customer security team flagged the problem weeks before the patch, raising questions about response time. The company has not confirmed which records were viewed.

Critical Google Chrome 0-Day Exploited in the Wild, Plus Microsoft and ServiceNow Under Fire →

Law Enforcement Dismantles AudiA6 Ransomware Crypto-Laundering Service

Authorities from 11 countries, supported by Europol and Eurojust, dismantled the AudiA6 cryptocurrency laundering service, which had processed over $380 million for ransomware actors and other cybercriminals. The service, operating between 2022 and 2025, acted as a central money laundering hub linked to more than 15 international investigations. Two administrators—a Ukrainian and a Russian national, identified by the U.S. DoJ as Ruslan Igorevich Tkachuk and Alexander Vladimirovich Ledenev—were arrested in Georgia. Seizures included 25 domains, 80 vehicles and properties, €86,000 in cryptocurrency, and 6,000 KYC records linked to money mule accounts. The service advertised itself as a professional mixing service but simply took cybercrime proceeds, laundered them through complex transactions, and returned cleaned funds minus a 3–10% commission.

Authorities dismantle ‘AudiA6’ ransomware crypto-laundering service →

ShinyHunters Targets Oracle PeopleSoft Servers, Steals Data from Over 100 Organizations

The ShinyHunters extortion gang is conducting ongoing data theft attacks against Oracle PeopleSoft servers, claiming to have stolen data from 300 instances across more than 100 organizations. The attackers use a gadget chain of old and zero-day vulnerabilities, with exploitation success depending on instance configuration. Most victims are in the education sector, and Nottingham University confirmed a cybersecurity incident with data published on ShinyHunters’ leak site. Cybersecurity researcher Michael R found exposed directories containing tooling, including MeshCentral agents and credential spray scripts. Indicators of compromise include IP addresses and a shell script that drops ransom notes onto internal PeopleSoft servers via SSH using common administrative accounts. Organizations running PeopleSoft are urged to check logs for connections from the listed IPs and begin incident response if found.

Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks →

Google Sues Chinese Cybercrime Network for Using Its AI in Scams

Google filed a lawsuit on Friday against a Chinese cybercrime network called Outsider Enterprise, accusing it of using Google’s AI to blast online financial scams to hundreds of thousands of Americans. The internet giant is coordinating for the first time with the FBI and wireless providers AT&T, T-Mobile, and Verizon to shut down the network. The legal action marks an escalation in countering AI-enabled fraud, though details of the specific AI tools used have not been disclosed.

Google says Chinese cybercrime group used its AI in scams →

FBI Builds Fake Town in Alabama to Train Agents in Cyberattack Response

The FBI unveiled its Kinetic Cyber Range, a 22,000-square-foot replica small town hidden inside its Huntsville, Alabama campus. The facility includes homes, a hotel, a gas station, a courthouse, and a fully functional data center with around 200 servers, all wired with operating systems and live networks. Agents train on simulated ransomware attacks, evidence recovery from hacked vehicles, and digital footprint tracing across interconnected systems. Since opening last year, over 1,400 FBI personnel and other government agency members have trained there. The range replaces classroom theory with hands-on scenarios, reflecting how modern cyberattacks increasingly spill into the physical world.

The FBI secretly built an entire fake town just to practice cyberattacks →

Researcher Uses AI to Automatically Fuzz Google APIs, Uncovering Thousands of Endpoints

A security researcher known as Brutecat detailed a novel method using AI to automate fuzzing of Google’s APIs at scale. By scraping over 60,000 Android APKs, intercepting network traffic, and analyzing Google binaries, the researcher collected thousands of API keys. After filtering for Google-owned projects using a Cloud Marketplace endpoint, the researcher scanned for discovery documents across live Google API domains, finding documentation for over 1,500 APIs—including those hidden behind internal visibility labels. The technique bypassed restrictions that Google had introduced in July 2025, enabling access to endpoints not intended for public use. The research was conducted as part of Google’s Vulnerability Reward Program, though no specific bounty amount was disclosed in the writeup.

Hacking Google with A.I. for $500,000 · Brutecat →